CVE-2026-8205

Published: Mag 21, 2026 Last Modified: Mag 26, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,3
Source: ff5b8ace-8b95-4078-9743-eac1ca5451de
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM 5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none

Description

AI Translation Available

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks lalalala5678 for reporting.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0004
Percentile
0,1th
Updated

EPSS Score Trend (Last 7 Days)

425

Direct Request ('Forced Browsing')

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability Access Control
Potential Impacts:
Read Application Data Modify Application Data Execute Unauthorized Code Or Commands Gain Privileges Or Assume Identity
Applicable Platforms
Technologies: Web Based, Web Server
View CWE Details
Application

Concrete Cms by Concretecms

Product Information
Vendor Concretecms
Product Concrete Cms
Version Range Affected
To 9.5.0 (inclusive)
cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://documentation.concretecms.org/9-x/developers/introd…
https://documentation.concretecms.org/9-x/developers/introduction/version-histo…